1. Field of the Invention
This invention relates generally to computer security systems, and relates more particularly to a system and method for managing and enforcing complex security requirements in a distributed computer network.
2. Discussion of the Background Art
Computer security issues have become more complex with the continual evolution of contemporary computer systems. As corporations utilize increasingly distributed and open computing environments, the security requirements of an enterprise typically grow accordingly. The complexity of employee, customer and partner access to critical information assets, while assuring proper security, has proven to be a major hurdle. For example, many organizations deploy applications that allow their external business partners, as well as their own internal employees, to access sensitive information resources within the enterprise. In the absence of adequate security measures, an enterprise may thus be subject to the risk of decreased security and confidentiality.
While most organizations focus their security concerns on protecting the internal network from the outside world, it is estimated that 80-90% of all corporate security breaches come from within an organization (source: Aberdeen Group, September 1997). This further underscores the need to specify and enforce an access control security policy within the enterprise network.
In today's complex business environment, specifying, stating, implementing and managing an enterprise access control policy may be both difficult and inefficient. When corporate data and applications revolved around a mainframe model, the problem of defining and managing access to corporate applications was relatively straightforward. Today, the complexity of business methods, as well as the complexity of distributed application architectures, may force companies to resort to ineffective, manual or highly custom approaches to access control in their attempts to implement the business process.
To secure a complex and distributed computer system, the system may typically employ a combination of encryption, authentication, and authorization technologies. Encryption is a means of sending information between participants in a manner that prevents other parties from reading the information. Authentication is a process of verifying a party's identity. Authorization is a technique for determining what actions a participant is allowed to perform.
Encryption and authentication are well understood and have led to effective network security products, whereas authorization technology is not as well developed, and is often inadequate for many enterprises. The security approach of most companies today is to focus on the authentication of users to ensure that those users are part of the organization or members of select groups. Authentication can be accomplished with a number of different approaches, from simple password or challenge response mechanisms to smart cards and biometric devices such as fingerprint readers. Once users are authenticated, however, there is still a significant problem in managing and enforcing their sets of privileges, which may be unique and vary widely between users. The same authentication mechanism can be used for every user, but different authorization mechanisms must be developed for most applications. Therefore, reliable and efficient access control is a much more difficult problem facing enterprises today.
Authentication mechanisms often work together with some sort of access control facility that can protect information resources from unauthorized users. Examples of network security products include firewalls, digital certificates, virtual private networks, and single sign-on systems. Some of these products provide limited support for resource-level authorization. For example, a firewall can screen access requests to an application or a database, but does not provide object-level authorization within an application or database. Single Sign-On (SSO) products, for example, maintain a list of resources an authenticated user can access by managing the login process to many different applications. However, firewalls, SSO and other related products are very limited in their ability to implement a sophisticated security policy characteristic of many of today's enterprises. They are limited to attempting to manage access at a login, or “launch level,” which is an all or nothing approach that cannot directly implement a policy that spans an entire enterprise.
A real-world security policy that spans a large enterprise, otherwise known as an enterprise or global security policy, uses a detailed and dynamic knowledge base specific to that enterprise. The authorization privileges are specific to the constantly evolving sets of users, applications, partners, and global policies that the enterprise puts in place to protect its key information resources. A security policy that spans a large enterprise can consist of tens or hundreds of thousands of individual rules that cover which users are authorized to access particular applications, perform various operations, or manage the delegation and transfer of tasks. Many of these policy rules that implement the business practice of an organization have to be hard-coded within custom-built applications or stored in a database.
The key problem is that the policy rules that make up an enterprise or global security policy are localized, scattered throughout the organization, and embedded in applications and databases. Such embedding is expensive and error-prone, militating against efficient policy updates. An organization cannot effectively implement and manage the resulting policy. Inconsistencies arise and updates can quickly become unmanageable. Policy queries and analysis from a global perspective are nearly impossible. The resulting policy begins to diverge from the intended business practices of the organization. Compromises are made in the policy implementation at the department level, and auditors can quickly become frustrated.
The increasing security risks associated with the proliferation of distributed computing, including Intranet and Extranet applications, are prompting many organizations to explore a broad range of security solutions for controlling access to their important information assets. Although organizations have a number of solutions to choose from for authenticating users (determining and verifying who is attempting to gain access to the network or individual applications), there is little choice when it comes to controlling what users can do and when they can do it to the extent necessary to implement the kinds of complex security policies required by modern organizations. Organizations have been forced to choose between custom authorization solutions that are costly, error-prone, and difficult to manage, and third-party solutions that are very limited in their abilities to control access to information across applications and databases.
A real-world security policy determines which users are authorized to access particular applications, perform various operations or manage the delegation and transfer of tasks, as well as when and under what circumstances they are permitted to do so. Authorization privileges depend upon a constantly evolving set of users, applications, partners, and business polices that comprise the enterprise or global security policy. A typical enterprise environment consists of several thousand users, hundreds of applications, and a myriad of network resources, resulting in a security policy that can consist of tens or hundreds of thousands of interrelated policy rules.
Typically, organizations attempt to control access to the internals of in-house applications through policy rules that are hard-coded in the application or through stored procedure statements in the database. But as the number of applications and databases grows, this patchwork approach to authorization quickly gets out of hand. First, organizations must incur the costly and time-consuming overhead of developing customized security code for each application. But more importantly, once the code is developed and embedded in an application, the embedded policy rules become hard to track, difficult to update, and nearly impossible to manage because they are scattered throughout the organization.
With an estimated 80 percent of all security breaches coming from authorized users (source: Forrester Research), advanced policy features and enforcement mechanisms are needed to control access to sensitive information assets. To implement an enterprise or global security policy, organizations need a centralized policy and a powerful way to specify policy rules to give them adequate access control security. At the same time, organizations need a distributed infrastructure that can provide authorization services to all applications and has performance and scalability characteristics mandated by modern distributed network environments.
A security policy that spans an entire organization, in practice, involves constant changes, such as environmental, organizational, operational, and IT structural changes. As a result, the policy in such a system needs to be frequently updated. However, such a policy may contain thousands of rules, applications and users. In a distributed system, these applications and users may be scattered through many geographically separated locations, which are connected to each other through a network. Consequently, distributing an updated policy can congest the network and delay implementation of the newly updated policy. Further, a currently enforced version of a policy may be generated based on a sequence of changes to a sequence of previously enforced versions of the policy. Each version change may involve many rule changes, such as adding new rules and deleting or amending some of the existing rules. During theses changes, errors can be made and rule change decisions can be altered. Therefore, it may be necessary to reconstruct one of the previously enforced versions of a policy. However, after many rule changes, it is difficult and time consuming to accurately reconstruct a previously enforced version of such a policy, especially over a distributed network.
In addition, a policy may contain thousands of inter-related rules which are enforced for many functional branches in an organization and hundreds of applications used by thousands of users. Conventional security policy systems do not provide sophisticated policy analysis functions, which prevents managers and policy administrators from comprehensively understanding how policies will be enforced. This may result in various policies having inconsistent or contradictory rules. To enable management and policy administrators to efficiently and comprehensively manage or maintain sound policies, it is desirable to provide a system capable of performing comprehensive policy analysis, including policy inquiry, policy verification, and policy cross-referencing.
Therefore, there is a need for an improved system to protect distributed networks against unauthorized access, by managing and enforcing complex security policy requirements for the enterprise.
There is also a need for an improved centralized policy management system which separates or externalizes security policy rules from applications.
There is also a need for an improved system for efficiently distributing updated or changed policies that protect access to applications.
There is another need for an improved system for efficiently reconstructing, based on the currently enforced version of a policy, a previously enforced version of that policy.
There is still another need for an improved system for providing comprehensive policy analysis, including policy inquiry, policy verification and policy cross-referencing.